Week 4 Flashcards

1
Q

Which statement is true about authentication?

Authentication is based on each user having a unique set of criteria for gaining access.

Authentication determines whether the user has the permissions to issue specific commands.

Authentication decides if a user has rights to access certain resources.

Authentication tracks resources that a user consumes during access.

A

Authentication is based on each user having a unique set of criteria for gaining access.
Correct! These criteria can be passwords or CA-issued certificates.

2
Q

Suppose you have been asked to assess the quality of a security system for a secret building. This building has two locked doors, which together function as multi-factor authentication (MFA) for gaining access. Given what you know about MFA, which method has the weakest security?

Tell a secret password at Door 1 and a different secret password at Door 2.

Tell a secret fact from the last visit at Door 1 and give a number sent to your phone at Door 2.

Scan your fingerprints at Door 1 and sing a secret song you learned on your last visit to the building at Door 2.

Tell a secret password at Door 1 and give a number sent to your phone at Door 2.

A

Tell a secret password at Door 1 and a different secret password at Door 2.
Correct! MFA requires that the sources for both authentication factors be different. Because you are asked at both doors to give authentication from the same source (i.e., something you know), this is not a very secure system. If you encounter this kind of system at the secret building, you should encourage the administrators to change it in your report.

3
Q

Assuming that Alice is a client and Bob is the server, which statement is true for Alice and Bob in the context of authentication?

Client authentication is when Alice sends Bob a challenge to verify against her valid response.

Two-way authentication is when both Alice and Bob fulfill their challenge-response criteria.

Server authentication is when Bob sends Alice a challenge to verify against her valid response.

One-way authentication is when Alice sends Bob her credentials first, and then Bob does the same.

A

Two-way authentication is when both Alice and Bob fulfill their challenge-response criteria.
Correct! Users check a website’s SSL certificate to verify that the website is what it says it is, and the website asks for the users’ passwords to verify that the users are who they say they are.

4
Q

Which component is unusable in a challenge-response system?

Public symmetric keys

Crypto-secure random numbers (CSRNs)

Asymmetric keys

Math puzzles that must be solved in a specific way

A

Public symmetric keys

Correct! Because the same key is used for encryption and decryption and it is made public, there is no secrecy left.

5
Q

Given that the One Time Password method involves a user who communicates with the host by using the hashed values of the seed generated by the user, which attack will work on this method?

Replay attack by repeating the number that the user sent to the host.

Stealing the number stored at the host’s end.

Steal the seed that the user uses to generate the sequence.

Delete a couple of numbers from the user’s file in which the user stored the chain.

A

Steal the seed that the user uses to generate the sequence.
Correct! With this approach, an attacker will be able to imitate a user just by keeping a count of the conversations between the user and host.

6
Q

Which kind of OTP is unsuitable for multi-factor authentication?

Authy OTP
Text OTP
Duo OTP
Google Authenticator OTP

A

Text OTP
Correct! Text-based OTP just sends a secure random number to the user and expects the user to have access to their phone. There is no application of a FOB in this implementation.

7
Q

Consider a case of a public key challenge-response scheme to send a message m, where the server knows the user’s public key and the response to the challenge from the user is made using the private key. Given this information, which equation holds true?

E_{k1}(E_{k2}(m)) = m

E_{k1}(E_{k1}(m)) = m

E_{k2}(E_{k2}(m)) = m

E_{k2}(m) = E_{k1}(m)

A

E_{k1}(E_{k2}(m)) = m
Correct! One can get the message back from the cipher that was generated using one key of PKI by encrypting the cipher with the other key.

8
Q

Which response to a challenge is vulnerable to attacks?

E_{K2}(R)

R2, E_{K2}(R1, R2)

E_{K2}(H(R))

E_R(msg)

A

E_{K2}(R)
Correct! An attacker could use this plaintext-ciphertext pair for cryptanalysis, or they could just build a database of random numbers encrypted with the user’s private key and use that cipher to imitate the user any time they found a matching random number being sent from the host.

9
Q

Suppose that Alice and Bob want to communicate. Consider this scenario:

Alice generates a hash sequence: 4654 → 8945 → 1341 → 2038 → 7439 → 4875.

Alice gives Bob the hash value 7439 of the sequence in person when they meet.

Which value does Alice need to send in order for Bob to authenticate her as a secure party?
2038
4875
8945
4654
A

2038

Correct! Bob will update the secret hash he knows every time with the number Alice sends him from the sequence.

10
Q

Which statement best describes the key exchange problem?

It was difficult to share PKI asymmetric keys on open channels.

It was difficult to share symmetric keys on open channels.

It was difficult to be unable to communicate after having shared the secret key securely so that only the right people knew about it.

It was difficult to build secret channels using open channels.

A

It was difficult to share symmetric keys on open channels.

Correct! Any channel is, by default, considered compromised, so using them to share secrets was difficult.

11
Q
Which game falls outside of the Merkle’s puzzles category?
Tic-tac-toe
Rubik’s cube
Crossword puzzles
Sudoku
A

Tic-tac-toe
Correct! Tic-tac-toe is simple and fun to solve, and verifying it is very simple. Thus, it cannot be categorized as one of Merkle’s puzzles because of the format of the puzzle or game.

12
Q

In order to establish a secure channel using Merkle puzzles, which step does a person need to precompute?

A million different puzzles

Encryption of the index with the solution for every puzzle at the respective index.

Index for a million puzzles
Solutions to a million puzzles

A

Encryption of the index with the solution for every puzzle at the respective index.
Correct! One must choose an encryption algorithm that should be used, and this person would need to keep the ciphers for indices ready to figure out which solution is the key.

13
Q

Assume that Alice has come up with 21 puzzles instead of a million, and each puzzle takes about 5 minutes to solve. Also assume that Bob randomly chooses any one of these puzzles. What is the least amount of secure time that Alice and Bob have to talk to each other if Eve starts solving puzzles from the top and the bottom simultaneously?

5 minutes
50 minutes
100 minutes
105 minutes

A

5 minutes
Correct! Bob might have chosen the first or the last puzzle, so the guaranteed minimum amount of secure time Alice and Bob have is only 5 minutes.

14
Q

Which definition best describes co-prime numbers?

Two numbers are said to be co-prime if both numbers are only divisible by themselves and 1.

Two numbers are said to be co-prime if the only positive integer that divides both of them is 1.

Two numbers are said to be co-prime if they share the largest number that divides both of them.

Two numbers are said to be co-prime if one number divides another and no remainder is left.

A

Two numbers are said to be co-prime if the only positive integer that divides both of them is 1.
Correct! For example, 14 and 15 are co-prime numbers because they are commonly divisible by 1 only. Conversely, 14 and 21 are not co-prime because they are both divisible by 7.

15
Q

In Diffie Hellman, if Alice and Bob forget to raise the generator to any power, what will be the value they end up sharing?

x,y
1
N
g

A

g

Correct! Since g < N, the modulus will always result in g.

16
Q

Which component is kept secret in Diffie Hellman key exchange?

x,y
x,y and g^{xy}mod N
x,y and N
x,y and g^{xy}

A

x,y and g^{xy}mod N
Correct! x, y are the two private keys, while g^{xy} mod N is the shared secret.

17
Q

Which components are disclosed publicly in Diffie Hellman key exchange?

x mod N and y mod N

N, x and y

g^x mod N and g^y mod N

g^{xy} mod N and g

A

g^x mod N and g^y mod N

Correct! In DH key exchange, g, N, g^x mod N, and g^y mod N are all shared publicly.

18
Q

If N = 23 and g = 5, which pair of private keys and shared secret is correct?

x = 5, y = 6, shared secret = 20
x = 5, y = 6, shared secret = 8
x = 5, y = 6, shared secret = 16
x = 5, y = 6, shared secret = 23
A

x = 5, y = 6, shared secret = 16
Correct! You may have noticed that 6^{20} is quite large, so imagine the result of raising a 256-bit number to such a power. That is why it is not easy to determine the values of x or y just by looking at g, N and g^i mod N (i = x or y).

19
Q
What should be the bit length of x,y to get a key strength of 128 bits?
256
512
384
128
A

256
Correct! The strength decreases to half due to the birthday attack, and 256 bits is effective in generating a key strength of 128 bits.

20
Q
If p denotes a large prime used for modulus and q is the largest prime factor of p-1 in Diffie Hellman key exchange, which equation represents a good way to compute p?
p = q+1
p = 2q+1
p = 2q
p = q
A

p = 2q+1
Correct! Given that q is a factor of p-1, it should be multiplied by some number to get q, and 2 is the smallest possible value which ensures the generated number is odd and hence prime.

21
Q
What is the correct value of g for ℤ_7, which is the set of all numbers generated using g?
5
6
7
2
A

5
Correct! Given that the powers of 5 (5, 25, 125, 625, 3125, and 15625) generate 5, 4, 6, 2, 3, and 1 when mod 7 is applied, it covers all elements in ℤ_7 = {0,1,2,3,4,5,6}.

22
Q

Which security mechanism can ensure that a particular document remains unchanged?

Authentication

Symmetric key encryption

Public key encryption

Hashing

A

Hashing

Correct! Even changing a single bit in a document can drastically affect the document’s hash. The parties involved can always verify hashes to detect whether any changes were made.

23
Q
Which security feature is ensured by encrypting the hash of a public document with a private key?
Accounting
Anonymity
Authentication
Authorization
A

Authentication
Correct! Anyone with the document and public key of the signing authority can decrypt the encrypted hash and verify its authenticity against the self-computed hash of the document.

24
Q

Which precaution ensures that a man-in-the-middle attack fails to work on digitally signed checks?
Users add the signature’s hash and private key encryption to the check and exchange all of the information online.
Receivers of the checks verify the checks themselves.
Users provide a public key to the bank in person and exchange the rest of the information online.
Users add the serial number to the check.

A

Users provide a public key to the bank in person and exchange the rest of the information online.

Correct! This prevents a MITM attacker from modifying information being exchanged over a channel.

25
Q

What information is included on a user’s digital certificate from a bank?
The user’s name, the public key, and a hash encrypted by the bank’s private key.
The user’s name, the public key, and a hash encrypted by the bank’s public key.
The user’s name, the public key, and a hash encrypted by the user’s private key.
The user’s name, the public key, and a hash encrypted by the user’s public key.

A

The user’s name, the public key, and a hash encrypted by the bank’s private key.
Correct! The hash ensures that no changes are made to the certificate. To verify the certificate, one must know the correct public key of the bank.

26
Q

Which type of protocol can be implemented by using RSA but not by using Diffie Hellman?

Generating session keys
Authentication
Key exchange
Secret messaging

A

Authentication
Correct! A major aspect of authentication is that nobody but the users know their own private keys. This cannot be achieved using Diffie Hellman.

27
Q

What is the advantage of hybrid messaging, which uses PKI and a session key, over secret messaging, which just uses PKI?
Hybrid messaging eliminates the step of sharing a secret key.
Hybrid messaging saves time because it eliminates the need for authentication.
Ciphers created for hybrid messaging require both RSA and a symmetric key for decryption.
Hybrid messaging saves computation and time.

A

Hybrid messaging saves computation and time.

Correct! Computing RSA keys is a tedious task, and hybrid messaging helps by eliminating the need to compute new RSA keys every time.

28
Q
What components are required to implement digital signatures?
Hashing and public keys
Hashing and private keys
Hashing, public key, and private key
Public key and private key
A

Hashing, public key, and private key
Correct! The document is hashed, this hash is encrypted using the private key, and the resulting cipher is then attached to the document as its signature.

29
Q

Which combination is the correct way to form digital certificates?
Hash of an ID, signed by a third party.
Hash of the ID and a third party’s signature, encrypted in the user’s public key.
Hash of the ID and the user’s public key, signed by a third party.
Hash of an ID, encrypted in the user’s public key and signed by a third party.

A

Hash of the ID and the user’s public key, signed by a third party.

Correct! Websites usually have their URLs as unique IDs on certificates.

30
Q
Which security mechanisms can be used beforehand to protect channels that are established using key exchange protocols?
Accounting
Authorization
Authentication
Anonymization
A

Authentication
Correct! Key exchange provides a secure channel but does not prove the identity of the person on the other end. This can make it vulnerable to MITM attacks. Authentication before establishing the channel can provide the required security.

31
Q
Which entity is unable to act as a man-in-the-middle attacker?
A user on public Wi-Fi
An internet service provider
An attacker using a phishing website
A cell phone carrier
A

An attacker using a phishing website

Correct! In a phishing attack, the attacker is mainly interested in user credentials, which, once stolen, can be used to gain access to the user’s account.

32
Q

Assume that Alice and Bob have known each other for a long time and that they use RSA for communication. Given this information, in which situation will a man-in-the-middle attack be unsuccessful?
Alice and Bob exchange public keys using Diffie Hellman.
Alice and Bob exchange public keys over email.
Alice and Bob exchange their public keys using an anonymous channel.
Alice and Bob exchange public keys in person.

A

Alice and Bob exchange public keys in person.

Correct! Given that Alice and Bob have known each other for a long time, it is likely that they have met in person and were able to authenticate each other. After exchanging public keys, only Alice and Bob would be able to either encrypt or decrypt the messages shared between them.

33
Q

Suppose that Alice and Bob are exchanging messages using Diffie Hellman, and Eve is an attacker. Also suppose that:
1. Alice shares g^x mod N
2. Bob shares g^y mod N
3. Eve modifies Alice’s and Bob’s keys using g^z mod N.
Given this information, which pair of keys does Eve use to decrypt messages exchanged between Alice and Bob, where the first secret is used with Alice and the second with Bob?
g^{yz} mod N and g^{xz} mod N
g^{yz} mod N and g^{yz} mod N
g^{xz} mod N and g^{yz} mod N
g^{xz} mod N and g^{xz} mod N

A

g^{xz} mod N and g^{yz} mod N

Correct! The shared secret established between Alice and Eve is g^{xz} mod N and, similarly, the one between Eve and Bob is g^{yz} mod N, since Eve is a MITM attacker. Because she does not know g^{xy}, she has to form two separate secrets, one for Alice and one for Bob, in order to remain undetected.